Photo by Marc Sendra Martorell on Unsplash

SoftEther VPN software

Speed in the Tunnel

Article from ADMIN 72/2022
SoftEther is lean VPN software that outpaces the current king of the hill, OpenVPN, in terms of technology and performance.

In the age of home offices and distributed locations, companies want security solutions that can be integrated easily into existing infrastructures, offer genuine added value, and secure communications between mobile clients and sites. OpenVPN was long considered the measure of all things VPN, but its business model was developed at the expense of the community edition, which has various restrictions. For example, the classic tool only supports its own virtual private network (VPN) protocol and does not offer support for natively integrated VPN clients from Android, iOS, macOS, and Windows.

Fast SoftEther Alternative

SoftEther [1], whose name contains elements of software and Ethernet, has something to offer to counter the aforementioned limitations. The open source VPN supports VPN protocols such as Secure Socket Layer (SSL) VPN, the Layer 2 Tunneling Protocol (L2TP)/Internet Protocol Security (IPsec), OpenVPN, and Microsoft Secure Socket Tunneling Protocol (SSTP). SoftEther supports network address translation (NAT) traversal, which means you can run the VPN server on a machine located behind home gateways, facility routers, and firewalls. Firewalls that perform deep packet inspection do not recognize SoftEther's VPN transport packets as VPN tunnels because HTTPS is used to disguise the connection. Other highlights include:

  • Site-to-site and remote access VPN connections
  • Access to restricted public wireless local-area networks (WLANs) by VPN over Internet Control Message Protocol (ICMP) and VPN over DNS
  • Ethernet bridging and Layer 3 over VPN
  • Logging and firewalling in the VPN tunnel
  • Support for relevant operating systems (Windows, Linux, macOS, Android, iOS)
  • Cloning OpenVPN connections
  • RADIUS/NT domain authentication of users

A table showing the direct comparison between the two VPN applications can be found online [2].

Apart from purely technological aspects, the biggest benefit is speed. On the basis of performance protocols, various studies show that OpenVPN has a data throughput of less than 100Mbps, which often turns out to be a bottleneck. According to the developers, SoftEther provides speeds of more than 900Mbps. This performance is achieved by utilizing the full Ethernet frame, reducing memory copying, and using parallel transfer and clustering. The sum of these measures significantly reduces latency and massively boosts throughput.

Another special feature of SoftEther, its modular architecture, lets you expand the basic system to include additional functions, such as VPN Gate. Thanks to versatile protocol support, you usually don't have to install the SoftEther client. However, if you make intensive use of the VPN environment, you will want to use the client for performance reasons alone.

SoftEther in Operation

The name "SoftEther" points to the architecture of the VPN software: Virtualization creates a virtual Ethernet adapter and generates a switch that emulates a conventional Ethernet switch – in SoftEther terminology, it is referred to as a virtual hub. The VPN connection is established by the two components working together over a virtual Ethernet cable.

The SoftEther version at the time of publication was 4.39. The installation packages for the supported operating systems are available from the SoftEther download center [3]. The SoftEther server is at the core of the environment. It is especially easy to install on Windows, where the setup wizard guides you through the various steps.

During the install, you can choose between the server and the VPN bridge. Server Manager is automatically installed and supports centralized administration of various SoftEther installations. To configure the local SoftEther infrastructure, you just connect to the VPN server with a single click and specify a server-specific password.

The ease of working with SoftEther soon becomes apparent (Figure 1). In the SoftEther VPN Server/Bridge Easy Setup dialog, you can choose from the two most common installation variants: Remote Access VPN Server or Site-to-Site VPN Server to VPN Bridge. If you want to use advanced configurations such as clustering, you need to do so manually.

Figure 1: The user-friendly SoftEther server setup wizard has information on typical deployment scenarios.

The setup dialog supports you in the decision-making process, in that it provides a visualization and brief description of the scenario in question with information relevant to decision making. In this article, I look at the remote access scenario, where the VPN clients establish a secure connection to the VPN server, allowing access to the network behind it. Pressing Next in the setup wizard opens the hint dialog that informs you the server is initialized. You only have to confirm at this point and proceed to assign a name to the server configuration.

The setup wizard now reveals another special feature. The VPN server has a built-in dynamic DNS feature that assigns a permanent DNS name to the server, making it globally accessible. Pressing Exit completes the basic configuration and you can carry on with the next step. You can integrate the local VPN server with the Azure Cloud Service (not to be confused with Microsoft's cloud service). VPN Azure Cloud is a free cloud VPN service from the SoftEther project. In the context of this example, it is difficult to say whether or not it makes sense to use it. My recommendation is to disable the associated function by selecting Disable VPN Azure. Then press OK to close this dialog.

The next step is to set up the first SoftEther user by clicking on Create Users and assigning a username, real name, password, and authentication method. If you are running a RADIUS server or Active Directory, specify the associated username. You can also use existing certificates. SoftEther is now ready for use.

Installing the Client

In principle, SoftEther lets you use the native VPN clients of today's popular operating systems, but the SoftEther client is recommended for regular use of the VPN environment. The installation packages are also available from the download center. The installer sets up a virtual network adapter and a background service on the client side. As with the SoftEther server, the client provides a VPN Client Manager that you use to manage various VPN connections and connection-specific settings.

To connect to the SoftEther server, double-click on Add VPN Connection in the Client Manager and assign a name, the server data, the virtual network adapter to be used, and the access data to the connection in the associated New VPN Connection Setting Properties dialog. If required, you can also use a proxy server.

One highlight on the client side is the advanced connection settings, which are hidden behind the Advanced Settings button. You can significantly improve performance by increasing the number of connections under Number of TCP Connections (Figure 2). For broadband connections, the value can be raised to as many as 8 parallel connections; for dial-up connections, you will want to keep the default value of 1.

Figure 2: The SoftEther Server Manager is the central interface to the VPN server instances.

If sufficiently powerful systems are available on the client and server side, enabling data compression by checking Use Data Compression can provide a significant performance boost. The SoftEther VPN protocol can internally compress and transmit all Ethernet frames sent and received. The Deflate algorithm is used here. Data compression reduces the communication volume by up to 80 percent, but compression and decompression do cause a significant increase in the compute load. Compression has its limits, however: If the line speed exceeds 10Mbps, not compressing data often improves communication speed. A final OK accepts the connection settings, and you can open a VPN to the SoftEther server in the Client Manager just by double-clicking.
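The trade-off described above can be estimated before checking Use Data Compression. The following Python sketch is an added example, not SoftEther code: it deflates constructed sample traffic frame by frame with zlib and applies a simplified model in which compressed goodput is capped by the rate at which the endpoint can deflate. The function names, the 1,500-byte frame size, and the per-frame compression are assumptions made for illustration.

```python
import random
import time
import zlib

FRAME = 1500  # assumed bytes of payload per Ethernet frame

def frames(data: bytes, size: int = FRAME):
    return [data[i:i + size] for i in range(0, len(data), size)]

def deflate_ratio(data: bytes) -> float:
    """Compressed size / original size, deflating every frame on its own."""
    return sum(len(zlib.compress(f)) for f in frames(data)) / len(data)

def deflate_mbps(data: bytes) -> float:
    """Rough single-core deflate rate of this machine in Mbps."""
    start = time.perf_counter()
    for f in frames(data):
        zlib.compress(f)
    elapsed = time.perf_counter() - start
    return len(data) * 8 / 1e6 / max(elapsed, 1e-9)

def goodput_mbps(line_mbps: float, ratio: float, cpu_mbps: float) -> float:
    """Simplified model: with compression on, the line carries 1/ratio times
    more user data, but never more than the CPU can deflate."""
    return min(line_mbps / ratio, cpu_mbps)

def compression_helps(line_mbps: float, ratio: float, cpu_mbps: float) -> bool:
    """True if compressed goodput beats sending the frames uncompressed."""
    return goodput_mbps(line_mbps, ratio, cpu_mbps) > line_mbps

# Constructed sample traffic: repetitive text vs. pseudo-random bytes
# (the latter stands in for data that is already encrypted or compressed).
TEXT = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n" * 1200
rng = random.Random(1)
NOISE = bytes(rng.getrandbits(8) for _ in range(len(TEXT)))

if __name__ == "__main__":
    for name, data in (("text", TEXT), ("noise", NOISE)):
        r, cpu = deflate_ratio(data), deflate_mbps(data)
        for line in (1, 10, 100, 1000):
            print(f"{name:5} ratio={r:.2f} cpu={cpu:.0f}Mbps line={line}Mbps "
                  f"-> compress={compression_helps(line, r, cpu)}")
```

Traffic that is already encrypted or compressed grows slightly under Deflate, so the model never recommends compression for it, whatever the line speed.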

The Client Manager offers a wealth of other practical features. For example, you can export and import connection settings for use on third-party systems and create additional virtual adapter and smart card configurations. The Client Manager tags the existing VPN connections as Connected in the Status column. You can access the connection details by right-clicking on the connection settings and selecting the View Status command.
